
News in a Minute Weekly Roundup | Dec. 22

December 22, 2017

By Marcos Colón

With so much going on in the office last week, here’s a look at some of the top stories you may have missed, including claims that Uber may have illegally accessed its competitors’ networks, the government’s “Hack the Air Force” competition shelling out a whopping $10,650 grand prize, and Kaspersky Lab asking a court to overturn the Trump Administration’s ban of its software.

BUG BOUNTY

‘Hack the Air Force’ Pays Out Biggest Government Bug Bounty Prize Yet

A total of 55 vulnerabilities were discovered during the government’s recent Hack the Air Force hackathon, with a total of $26,883 paid in bounties to white-hat hackers. A pair of hackers earned the top prize of $10,650 after discovering a critical bug. The prize is considered the largest single award in any government bug bounty program so far.

Russian cybersecurity software firm Kaspersky Lab asked a U.S. federal court to overturn the recent ban on its products in government networks. In September, the Department of Homeland Security ordered civilian government agencies to remove the company’s software from their networks within 90 days. Kaspersky Lab has insisted that it has no ties to the Kremlin.

A letter submitted by the Department of Justice, written on behalf of a former Uber employee, claims the transportation company illegally surveilled its competitors. The letter, submitted to the judge presiding over the legal dispute between Uber and Waymo, reportedly claims that Uber conspired to steal the company’s self-driving technology trade secrets.

A new study that polled 114 professionals, including CISOs, risk officers, cybersecurity specialists and C-level executives, sheds light on the struggles organizations face when it comes to quantifying and managing risk. Conducted by the FAIR Institute, a nonprofit focused on risk management, the study indicates that many organizations in the health, finance, and insurance industries have low risk management maturity.

U.S. Publicly Acknowledges that North Korea Was Behind WannaCry Attacks

The Trump Administration has declared that North Korea carried out the largest cyber attack of the year, and one of the largest to date. An op-ed published in The Wall Street Journal by Homeland Security Adviser Thomas P. Bossert publicly acknowledges that North Korea was behind the WannaCry worm that impacted more than 230,000 computers in more than 150 countries.

Hundreds of Lexmark printers were found to be misconfigured, leaving them open to the public internet, serving as an open door for attackers. Researchers at NewSky Security identified 1,123 Lexmark printers used by businesses, universities and even U.S. government offices. Should an attacker compromise the printers, they could add a backdoor to capture printing jobs or disrupt the printer’s operation.

After researchers with Kaspersky Lab began testing recently discovered cryptocurrency mining malware on an Android phone, the device was inoperable within two days. Dubbed Loapi, the strain can also launch distributed denial-of-service (DDoS) attacks and features additional malicious functions.

The personal information of about 123 million American households is at risk after a data analytics firm experienced a data breach. California-based Alteryx amassed the personal information and uploaded it to a publicly available AWS data repository that lacked basic security protections. The data was “left downloadable on the public internet,” according to one security expert.

As MISTI’s content marketing lead, Marcos spearheads the brand’s content marketing strategy, implementing a process to deliver high-quality insight to information security and internal audit professionals. Prior to working with MISTI, he served as the online editor for the award-winning SC Magazine, a prominent B2B IT security publication. He also served as a senior editor at NewsCred, a prominent content marketing agency, where he provided content strategy guidance for leading brands that include Discover, IBM, Visa and Bloomberg.
